Integrating fuzzing into DevSecOps

Fuzzing helps detect unknown vulnerabilities before software is released. Learn when and where to integrate and automate fuzz testing in your SDLC. Fuzz testing is a highly effective technique for finding weaknesses in software. It’s performed by delivering malformed and unexpected inputs to target software while monitoring it to detect unwanted behavior and log failures.


Technology Companies Have the Largest Proportion of Applications With High-Severity Flaws

As a result of the worldwide pandemic, technology companies were forced to pivot to fully remote operations. For many organizations, this meant accelerating their digital transformation efforts. But despite the investment in digital transformation efforts, there haven’t been enough investments in security measures.


Password Storage Using Java

This is the eighth entry in the blog series on using Java Cryptography securely. The first few entries talked about architectural details, Cryptographically Secure Random Number Generators, encryption/decryption, and message digests. Later we looked at What’s New in the latest Java version. All of this equipped us to talk in detail about some of the most common Cryptographic applications. We started by looking at the symmetric cryptography-based application with Message Authentication Code.


Snyk chats with Shutterstock about building a DevSecOps culture

While it’s relatively easy to buy modern security tools, the culture of a company can have an enormous impact on the successful rollout of new security processes. In fact, one of the greatest hurdles for implementing a DevSecOps approach to application security is company-wide adoption. During a recent webinar, Simon Maple, VP of Developer Relations & Community at Snyk spoke with Christian Bobadilla, Director of Product and Application Security at Shutterstock about building a DevSecOps culture.


AppSec with LolCats: Click2Cat - the Security Extension to Veracode You Didn't Realize You Needed

Fixing security findings in your code can be hard. Sometimes you need help from other developers who have solved these problems before. Veracode provides one-on-one time with ex-developers who can coach you through different approaches to address security findings. But sometimes, you don’t really want advice. Instead, you need a boost to help you get through the day of reducing risk in your software.


Manufacturing Has the Lowest Percentage of High-Severity Flaws but Needs to Improve Time to Remediation

The past 12 months have been especially challenging for the manufacturing industry. The pandemic affected in-person manufacturing jobs as well as supply and demand, causing many manufacturing companies to shut their doors or lay off valuable employees. Recognizing the vulnerable state of manufacturing companies, cybercriminals saw manufacturing as an easy target. In fact, the manufacturing industry saw an 11 percent increase in cyberattacks in 2020.


Veracode Hacker Games: The Results Are In!

The first ever Veracode Hacker Games competition has come to a close, but were the flaws in favor of our brave competitors? Read on to find out. Over the course of the two-week challenge, students from several universities in the U.S. and the U.K. came together to explore vulnerabilities and threats that they’ll one day face on the job.